Recommended Security Controls for Federal Information Systems Sample Clauses

The "Recommended Security Controls for Federal Information Systems" clause establishes baseline security requirements that federal information systems must implement to protect sensitive data and operations. It typically outlines specific technical and administrative safeguards, such as access controls, encryption standards, and incident response procedures, which agencies must follow when designing, operating, or maintaining their IT systems. By mandating these controls, the clause ensures a consistent level of security across federal systems, reducing vulnerabilities and helping to prevent unauthorized access or data breaches.
Recommended Security Controls for Federal Information Systems. The PMA acknowledges that the use of unsecured telecommunications, including the Internet, to transmit individually identifiable, bidder identifiable or deducible information derived from the shared file(s) is prohibited. Further, the PMA agrees that the data must not be physically moved, transmitted, or disclosed in any way from or by the Data Custodians’ site(s) to an entity not listed on the IEA or DRA without written approval from CMS unless such movement, transmission or disclosure is required by a law. For example, CMS expects the PMA to, at minimum: Protect PII and PHI that is furnished by CMS under this Agreement from loss, theft or inadvertent disclosure; Ensure that laptops and other electronic devices/media containing PII or PHI are encrypted and password-protected; and, Send emails containing PII or PHI only if encrypted and being sent to and being received by e-mail addresses of persons authorized to receive such information. CMS reserves the right to conduct onsite inspections to monitor compliance with this Agreement and the corresponding DRA until such time CMS Data is destroyed and/or the CMS DRA is terminated. In signing this agreement and the corresponding DRA, the PMA attests that the requested data will be maintained, used, and disclosed only in a manner that is in accordance with the requirements of this agreement and the corresponding CMS DRA.
Recommended Security Controls for Federal Information Systems. All Members or subcontractors who participate in sharing sensitive data during the course of their participation in Institute activities will be required to certify that they meet the NC State Security & Compliance unit’s information security standards through an annual verification process.
Recommended Security Controls for Federal Information Systems. The PMA acknowledges that the use of unsecured telecommunications, including the Internet, to transmit individually identifiable, bidder identifiable or deducible information derived from the shared file(s) is prohibited. Further, the PMA agrees that the data must not be physically moved, transmitted, or disclosed in any way from or by the Data Custodians’ site(s) to an entity not listed on the IEA or DRA without written approval from CMS unless such movement, transmission or disclosure is required by a law. For example, CMS expects the PMA to, at minimum: Protect PII and PHI that is furnished by CMS under this Agreement from loss, theft or inadvertent disclosure; Ensure that laptops and other electronic devices/media containing PII or PHI are encrypted and password-protected; and, Send emails containing PII or PHI only if encrypted and being sent to and being received by e-mail addresses of persons authorized to receive such information.
Recommended Security Controls for Federal Information Systems. All Members or subcontractors who participate in sharing sensitive data during the course of their participation in Institute activities will be required to certify that they meet the NC State Security & Compliance unit’s information security standards through an annual verification process. The Institute must engage in a multifaceted, risk-based activity involving management and operational personnel to categorize the security of Institute information and information systems, as described by FIPS Publication 199. Subsequent to the security categorization process, the Institute must select an appropriate set of security controls for its information systems that satisfies the minimum security requirements set forth in the Institute’s Information Security Requirements. The selected set of security controls must include one of three, appropriately tailored security control baselines from NIST Special Publication 800-53 that are associated with the designated impact levels of the organizational information systems as determined during the security categorization process. For low-impact information systems, the Institute must, at a minimum, employ appropriately tailored security controls from the low baseline of security controls defined in NIST Special Publication 800-53 and must ensure that the minimum assurance requirements associated with the low baseline are satisfied. For moderate-impact information systems, the Institute must, at a minimum, employ appropriately tailored security controls from the moderate baseline of security controls defined in NIST Special Publication 800-53 and must ensure that the minimum assurance requirements associated with the moderate baseline are satisfied. 
For high-impact information systems, the Institute must, at a minimum, employ appropriately tailored security controls from the high baseline of security controls defined in NIST Special Publication 800-53 and must ensure that the minimum assurance requirements associated with the high baseline are satisfied. The Institute must employ all security controls in the respective security control baselines unless specific exceptions are allowed based on the tailoring guidance provided in NIST Special Publication 800-53.
Recommended Security Controls for Federal Information Systems. The minimum baseline security controls are the starting point for the security control selection process, and are the basis from which controls and control enhancements may be removed, added or customized to achieve the level of security protection required for the data or information system. Additional security controls that are not addressed in the NIST SP 800-53 Security Controls may be required based on regulatory compliance or by contractual obligation. The MDOS considers all non-publicly available data to be considered a minimal classification of confidential with a potential moderate data impact level. The additional security controls associated with the data include: .

Related to Recommended Security Controls for Federal Information Systems

  • Security Controls for State Agency Data. In accordance with Senate Bill 475, Acts 2021, 87th Leg., R.S., pursuant to Texas Government Code, Section 2054.138, Contractor understands, acknowledges, and agrees that if, pursuant to this Contract, Contractor is or will be authorized to access, transmit, use, or store data for System Agency, Contractor is required to meet the security controls the System Agency determines are proportionate with System Agency’s risk under the Contract based on the sensitivity of System Agency’s data and that Contractor must periodically provide to System Agency evidence that Contractor meets the security controls required under the Contract.

  • Internal Controls; Listing; Financial Statements (a) Except as not required in reliance on exemptions from various reporting requirements by virtue of Acquiror’s status as an “emerging growth company” within the meaning of the Securities Act, as modified by the JOBS Act or as otherwise set forth in the Acquiror SEC Filings, Acquiror has established and maintains disclosure controls and procedures (as defined in Rule 13a-15 under the Exchange Act). Such disclosure controls and procedures are designed to (i) ensure that material information relating to Acquiror, including its consolidated Subsidiaries, if any, is made known to Acquiror’s principal executive officer and its principal financial officer by others within those entities, particularly during the periods in which the periodic reports required under the Exchange Act are being prepared; and (ii) be effective in timely alerting Acquiror’s principal executive officer and principal financial officer to material information required to be included in Acquiror’s periodic reports required under the Exchange Act. Acquiror has established and maintained a system of internal controls over financial reporting (as defined in Rule 13a-15 under the Exchange Act) which is reasonably sufficient to provide reasonable assurance regarding the reliability of Acquiror’s financial reporting and the preparation of Acquiror Financial Statements for external purposes in accordance with GAAP. (b) To the knowledge of Acquiror, except as set forth in Section 6.6(b) of the Acquiror Disclosure Letter, each director and executive officer of Acquiror has filed with the SEC on a timely basis all statements required by Section 16(a) of the Exchange Act and the rules and regulations promulgated thereunder. 
(c) The Acquiror SEC Filings contain true and complete copies of the audited balance sheet as of May 17, 2022, and statement of operations, cash flow and shareholders’ equity of Acquiror for the period from February 25, 2021 (inception) through May 17, 2022, together with the auditor’s reports thereon (the “Acquiror Financial Statements”). Except as disclosed in the Acquiror SEC Filings, the Acquiror Financial Statements (i) fairly present in all material respects the financial position of Acquiror, as at the respective dates thereof, and the results of operations and consolidated cash flows for the respective periods then ended, (ii) were prepared in conformity with GAAP applied on a consistent basis during the periods involved (except as may be indicated therein or in the notes thereto), and (iii) comply in all material respects with the applicable accounting requirements and with the rules and regulations of the SEC, the Exchange Act and the Securities Act in effect as of the respective dates thereof. The books and records of Acquiror have been, and are being, maintained in all material respects in accordance with GAAP and any other applicable legal and accounting requirements. (d) There are no outstanding loans or other extensions of credit made by Acquiror to any executive officer (as defined in Rule 3b-7 under the Exchange Act) or director of Acquiror. Acquiror has not taken any action prohibited by Section 402 of the Sarbanes-Oxley Act.
(e) Neither Acquiror nor any director or officer of Acquiror nor, to the knowledge of Acquiror, any employee of Acquiror or Acquiror’s independent auditors has identified or been made aware of (i) any significant deficiency or material weakness in the system of internal accounting controls utilized by Acquiror, (ii) any fraud, whether or not material, that involves Acquiror’s management or other employees who have a role in the preparation of financial statements or the internal accounting controls utilized by Acquiror or (iii) any claim or allegation regarding any of the foregoing.